-
February 25th, 2005, 08:02 PM
#1
Senior Member
VMWare Workstation Vulnerability
Hello all-
Just came across this and thought to share for those of us using VMWare and using Gentoo Linux. It states that Gentoo Linux is the only OS/OE vulnerable - but also lists all the versions of VMWare workstation - except the Beta 5 version. This comes from SecurityFocus :
VMWare Workstation For Linux Local Privilege Escalation Vulnerability
Detail
It is reported that VMWare workstation on Gentoo Linux based computers at least, is prone to a local privilege escalation vulnerability. The issue exists because the affected binary searches for a shared library in a world-writeable location.
A local attacker may exploit this vulnerability to execute arbitrary code in the context of a user that runs the affected application.
Workaround/Solution - for Gentoo only at this point:
Workaround:
It is reported that a file '/tmp/rrdharan' may be created (By the superuser) as viable workaround for this issue.
Solution:
Gentoo has released an advisory (GLSA 200502-18) and an updated eBuild to address this issue. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot verbose ">=app-emulation/vmware-workstation-4.5.2.8848-r5"
Here's the link for the full detail: http://www.securityfocus.com/bid/12552
Here's the link for the Gentoo advisory: http://www.securityfocus.com/advisories/8080
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|